Wireless communication system and method for facilitating wireless communication

ABSTRACT

In a system and method for facilitating wireless communication between agents in a wireless network, each agent is equipped with an agent's device using a main wireless infrastructure and a separate auxiliary wireless infrastructure. Initial contact between any first agent's device and any other agent's device is made within the auxiliary wireless infrastructure, whereas, once this initial contact has been established, all ensuing communications between the first agent's device and the other agent's device take place within the main wireless infrastructure.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Divisional of and claims the benefit of priority from U.S. Ser. No. 10/865,141, filed Jun. 10, 2004, which claims the benefit of priority from European Patent Application No. 03291391.5, filed Jun. 11, 2003, the entire contents of each of which are incorporated herein by reference.

TECHNICAL FIELD

The present invention relates to a communication system and a method for facilitating communication between agents in a wireless network.

BACKGROUND ART

The use of wireless networks such as for example networks of personal wireless entertainment devices is expanding rapidly. In all wireless networks which represent electronic communities where a number of agents representing or assisting people, businesses or devices interact, there is the problem of quickly and efficiently initiating communication with a new agent. However trust between different agents must be adequately defined to avoid any intrusion of undesirable agents within the network.

Known systems are often centralized or complex with replication of information and require very large data structures or imply significant power consumption.

Moreover there is a need for improving trust management in peer-to-peer (P2P) environments where unknown agents are frequently introduced.

SUMMARY OF THE INVENTION

It is therefore an object of the present invention to provide a method and a system which remedy the abovementioned drawbacks of the known wireless networks.

More specifically the present invention aims at improving access of an agent to a wireless network.

According to another object of the present invention, security should be increased whilst optimising transaction efficiency and reducing data redundancy.

The objects of the present invention are obtained through a method for facilitating wireless communication between agents in a wireless network, wherein each agent is equipped with an agent's device using a main wireless infrastructure and a separate auxiliary wireless infrastructure which is distinct from the main wireless infrastructure, and wherein initial contact between any first agent's device and any other agent's device is made within the auxiliary wireless infrastructure whereas, once this initial contact has been established, all ensuing communications between said first agent's device and said any other agent's device take place within the main wireless infrastructure.

The initial step of establishing communications between devices on a wireless network is facilitated by the use of a separate auxiliary infrastructure which is distinct and typically simpler than the main pervasive infrastructure.

According to a specific embodiment of the present invention, the main wireless infrastructure does not pre-exist before said initial contact and said initial contact made on the auxiliary wireless infrastructure includes the step of exchanging information to set up an ad-hoc wireless network between said first agent's device and said other agent's device.

The present invention thus relates to a technique which uses dual wireless infrastructures and is suitable for establishing ad-hoc connections. In the sense of the present invention the main infrastructure may thus include an ad-hoc network which is a collection of wireless mobile nodes dynamically forming a temporary network, mobile nodes operating as hosts and as routers.

According to another specific embodiment, the main wireless infrastructure is pre-existent to said initial contact and said other agent's device has already been recognised by said main wireless infrastructure before said initial contact.

According to a particular embodiment, the auxiliary wireless infrastructure uses a short-range device, said initial contact is established between said first agent's device and said at least one access point device and, once said first agent's device has been localized by said at least one access point device, communication is established between said first agent's device and other agent's devices over the main wireless infrastructure which comprises a pervasive wireless local area network (WLAN).

According to another particular embodiment, the auxiliary wireless infrastructure uses a line-of-sight transmission for exchanging basic identification information between a first agent's device and another agent's device during said initial contact, and further communication between said first agent's device and said other agent's device is achieved over a main wireless infrastructure comprising a wireless local area ad-hoc network.

According to an aspect of the invention, during the initial infrared connection within the auxiliary wireless infrastructure, said first agent's device and said other agent's device negotiate configuration settings for communicating within the main wireless infrastructure, said configuration settings comprising at least Service Set Identifier (SSID), channel and Internet Protocol (IP) address.

Advantageously said configuration settings further comprise a wired equivalent privacy (WEP) key.

Thus the step of making initial contact on the auxiliary infrastructure serves to identify the agents, agree upon configuration parameters for the main infrastructure and exchange authentication keys for ensuing transactions on the main infrastructure.

According to another aspect of the present invention, said first agent's device having been put into communication with a first other agent's device within the main wireless infrastructure is allowed to hierarchically discover, in cascading series of discoveries, other agent's devices based on acquaintances already known to said first other agent's device after said initial contact.

The invention thus encompasses a method for facilitating communication between agents in a network, wherein each agent is equipped with an agent's device using a main infrastructure and wherein a first agent's device having been put into communication with a first other agent's device within the main infrastructure is allowed to hierarchically discover, in cascading series of discoveries, other agent's devices based on acquaintances already known to said first other agent's device.

More specifically, each agent's device includes a local database of acquaintances which keeps a history of previous interactions with other agent's devices with the names of the other agents and the levels of acquaintances.

Any original interaction between two different agent's devices establishing an acquaintance is recorded by each agent's device keeping a friendly token of the original interaction.

Preferably, said friendly token comprises a private encryption key signed certificate that can be read by a public encryption key.

Advantageously, in the databases of acquaintances, the agents are distributed among a total of three to six levels of acquaintances.

In the database of acquaintances of a defined agent, the level 0 of acquaintances comprises level 0 agents with whom interaction was initiated via direct contact with said defined agent, the level 1 of acquaintances comprises level 1 agents with whom there has not been direct contact with said defined agent, but who have been introduced to said defined agent by a level 0 agent, the level 2 of acquaintances comprises level 2 agents who have been introduced to said defined agent by a level 1 agent, and so on, the trust decreasing from level 0 of acquaintances to the level N of acquaintances, N being comprised between 2 and 5.

Levels of acquaintanceship with heretofore unknown agents are verified directly at transaction time during said initial contact.

To sum up, the abovementioned technique according to the present invention is based on mutual trust, local records and distributed authentication, keeping potential intrusion localised.

The present invention further relates to a wireless communication system comprising a main wireless infrastructure and a separate auxiliary wireless infrastructure using a plurality of agent's devices each being equipped with detection means for establishing contact with at least another agent's device within said separate auxiliary wireless infrastructure and communication means for communicating with other agent's devices within said main wireless infrastructure, wherein said detection means are adapted to provide initial contact between any first agent's device and any other agent's device within the auxiliary wireless infrastructure whereas said communication means are adapted to ensure communications between said first agent's device and said other agent's device within the main wireless infrastructure once the initial contact has been established by said detection means.

According to a particular embodiment, said main wireless infrastructure is an ad-hoc wireless network set up by agent's devices once the initial contact has been established by the detection means of said agent's devices within an auxiliary wireless infrastructure.

According to a particular embodiment said auxiliary wireless infrastructure uses a short-range wireless connection and includes at least one access point device and said main wireless infrastructure comprises a pervasive wireless local area network (WLAN).

According to another particular embodiment, said detection means comprise means for transmitting and receiving an infrared-beam for exchanging basic identification information between a first agent's device and another agent's device during the initial contact.

The main wireless infrastructure may comprise a high frequency wireless local area ad-hoc network.

According to another aspect of the invention, each agent's device includes means for storing a local database of acquaintances which keeps a history of previous interactions with other agent's devices with the names of the other agents and the levels of acquaintances.

The invention thus encompasses a wireless communication system comprising a main wireless infrastructure using a plurality of agent's devices, each agent's device comprising communication means for communicating with other agent's devices within the main wireless infrastructure and means for storing a local database of acquaintances which keeps a history of previous interactions with other agent's devices with the names of the other agents and the levels of acquaintances.

Agent's devices may comprise terminals such as mobile phones, computers, personal digital assistants.

The invention further relates to a computer readable medium having computer-executable instructions for an agent's device of a communication network which is put into communication with a first other agent's device within said communication network, said computer-executable instructions performing the steps of hierarchically discovering, in cascading series of discoveries, other agent's devices based on acquaintances already known to said first other agent's device.

BRIEF DESCRIPTION OF THE DRAWINGS

Additional objects and features of the invention will be more readily apparent from the following detailed description and appended claims when taken in conjunction with the drawings, in which:

FIG. 1 is a schematic view of an example of a terminal equipment constituting an agent's device which may be used in a wireless communication system according to the invention,

FIG. 2 is a schematic view of a first embodiment of a wireless communication system according to the invention with a dual wireless infrastructure using infrared means for initializing ad-hoc wireless network configuration,

FIG. 3 is a schematic view of another embodiment of a wireless communication system according to the invention with a dual wireless infrastructure using a short-range wireless connection and a pervasive high frequency wireless local area network,

FIG. 4 is a schematic diagram illustrating a connection request via short range contact between two terminal equipments of a wireless communication system according to the invention,

FIG. 5 is a schematic diagram illustrating the configuration setting generation between the two terminal equipments of FIG. 4,

FIG. 6 is a schematic diagram illustrating the reply configuration settings between the two terminal equipments of FIGS. 4 and 5,

FIG. 7 is a schematic diagram illustrating the launching of long scale interface between the two terminal equipments of FIG. 4 to 6 to enable communication between the terminal equipments within a main infrastructure constituted by a long scale wireless private network,

FIG. 8 is a schematic diagram illustrating with Friends' spheres the direct contact between close friends,

FIG. 9 is a schematic diagram illustrating with Friends' spheres a hierarchy of friendship,

FIG. 10 is a schematic diagram illustrating with Friends' spheres the situation when a new friend is introduced,

FIG. 11 and FIG. 12 are schematic diagrams illustrating with Friends' spheres two steps of an exchange between two agents when a new friend is introduced,

FIG. 13 is a schematic diagram illustrating with Friends' spheres the situation at the end of the exchange of FIGS. 11 and 12,

FIG. 14 is a schematic diagram illustrating with Friends' spheres a more complex hierarchy of friendship,

FIG. 15 is a schematic diagram illustrating the relationships between agents using private and public encryption keys, and

FIG. 16 to 19 are schematic diagrams illustrating four steps of the exchanges between two agents of FIG. 15 which have a common friend.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 shows an example of a terminal equipment 10 which is suitable to be used in a wireless communication system according to the invention. Terminal 10 comprises conventional input means, display means, computing and processing means and information storage means. In addition terminal 10 comprises both a short scale wireless interface 1 and a long scale wireless interface 2.

The terminal equipment 10 constitutes an agent's device such as for example a mobile phone, a laptop computer, a notebook, a personal digital assistant (PDA), a pager or any other kind of electronic equipment which enables an agent representing people, businesses or devices to communicate via a wireless network. The terminal equipment 10 may comprise software as well as hardware devices.

The short scale wireless interface 1 is used for initializing network configuration when the terminal's user wants to initiate communication with another terminal. When a first terminal 10 a wants to initiate communication with another terminal 10 b (FIG. 2), initial contact is made via the short scale wireless interfaces 1 of terminals 10 a and 10 b thus using a separate auxiliary infrastructure which is distinct and typically simpler than the main pervasive infrastructure used by the terminals for communicating via their long scale wireless interfaces 2.

The step of initial contact between terminals 10 a and 10 b via their short scale wireless interfaces 1 through the separate auxiliary infrastructure serves to identify the agents, agree upon configuration parameters for the main infrastructure, and exchange authentication keys or other means of acknowledgement for ensuing transactions on the main infrastructure. Once this initial contact has been established, all ensuing communications take place on the main infrastructure.

FIG. 4 to 7 illustrate different steps of the initialization of communications between two devices 10 a and 10 b on a wireless network using dual wireless infrastructures according to the invention.

The method according to the invention is particularly adapted for establishing ad-hoc connections in ad-hoc networks, i.e. proximity networks in which some of the network devices are part of the network only while in range of the rest of the network or for the duration of a communications session.

Under such conditions the short scale wireless interface 1 of the terminals may use a line-of-sight transmission within the auxiliary wireless infrastructure for exchanging basic identification information during the initial “direct” contact between the terminals 10 a and 10 b.

Thus infrared may be used to bootstrap ad-hoc wireless network configuration, e.g. according to the technique provided by the Infrared Data Association (IrDA). A focused ray of light in the infrared frequency spectrum is modulated with information and sent from a transmitter to a receiver over a relatively short distance. In this example, the short scale wireless interfaces 1 of the terminals 10 a, 10 b, . . . include a transceiver combining infrared transmitter and receiver.

In the example considered in FIG. 4 to 7, the main wireless infrastructure is constituted by a pervasive wireless fidelity (Wi-Fi) network, i.e. a high frequency wireless local area network (WLAN). Wi-Fi is specified in the 802.11b specification from the Institute of Electrical and Electronics Engineers (IEEE). The 802.11b (Wi-Fi) technology operates in the 2.4 GHz range and uses a modulation method known as complementary code keying (CCK). To safeguard security preferably some encryption means should be provided and may use for example the Wired Equivalent Privacy (WEP) encryption standard. As can be seen the pervasive long scale main wireless infrastructure is clearly different from the short scale auxiliary wireless infrastructure which requires “direct contact” between the terminals through a line-of-sight light transmission.

FIG. 4 illustrates the first step of a connection request A via short range “contact”. The transmitter of the short scale wireless interface 1 of terminal 10 a transmits a connection request to the receiver of the short scale wireless interface 1 of terminal 10 b.

FIG. 5 illustrates the generation of configuration settings. Following the receipt B by terminal 10 b of the connection request from terminal 10 a, configuration settings C are generated by terminal 10 b. These configuration settings comprise two settings D and E relating to terminal 10 a and terminal 10 b respectively.

Each configuration setting may comprise Extended Service Set Identification Data (ESSID), i.e. identification data of specific access points to the network, WEP key, channel and Internet Protocol (IP) address.

FIG. 6 illustrates the step of reply F by terminal 10 b which implies transmission via its short scale wireless interface 1 of the configuration settings D concerning terminal 10 a.

FIG. 7 illustrates the following step of connection of both terminals 10 a and 10 b via their long scale wireless interfaces 2 through a long scale wireless private network G, each terminal 10 a respectively 10 b including its own configuration settings D respectively E.

Thus when using infrared (IrDA) to initialize ad-hoc wireless network configuration, two devices initiate contact via an IR beam, exchanging basic identification information. Over this initial IR connection they negotiate a configuration for the Wi-Fi (at least SSID, channel, IP addresses). Each device then configures its respective 802.11 settings based on this negotiation. The devices are then connected over 802.11 ad-hoc mode automatically.

It may be noted that according to conventional device discovery and service discovery methods, the arrival of a new device is announced to all other devices in range. The newly arriving device thus “sees” all the other devices with no distinction and obtains a flat list of all who are out there. By contrast according to the present invention the device such as terminal 10 a under user control selectively and automatically initiates communication with a specific partner device such as terminal 10 b. Consequently the newly arriving device can hierarchically discover the other devices in range based on “acquaintances” already known to the partner device with whom he initiates contact. This cascading series of device discovery based on “introduction” mirrors social interaction and is an innovative method to establish trust in ad-hoc wireless and peer-to-peer (P2P) networks.

This concept can be used in two different ways (depending on existing wireless network or not) to join an existing network or set up a personal and secure wireless network.

In the first case there is no pre-existing network infrastructure. Two terminals such as 10 a, 10 b exchange information through the auxiliary wireless infrastructure to set up the ad-hoc wireless network which constitutes a main wireless infrastructure.

In the second case a wireless network is already in use and constitutes a pre-existing main wireless infrastructure. The terminal such as 10 a who wants to join the network has to exchange information through the auxiliary wireless infrastructure with one of the terminals such as 10 b which are already using the main wireless infrastructure.

The invention may have a great variety of applications using the auxiliary wireless infrastructure, such as for example:

-   Set up a free spontaneous temporary ad-hoc network between peers without any existing main structure (e.g. the process of meeting someone in the street).
-   Gain temporary access to a corporate wireless network (e.g. printing a document or checking one's E-mail during a meeting in a company's building).
-   Associate the beam of the short scale wireless interface with payment to provide an easy way to initialize pay-per-hour Internet or service access.

FIG. 3 illustrates another specific example of a system according to the invention. The main wireless infrastructure is a pervasive Wi-Fi network including a plurality of terminals 10 a, 10 b, 10 c, . . . each comprising both a short scale wireless interface 1 and a long scale wireless interface 2. The auxiliary wireless infrastructure implies short-range radio links such as according to the Bluetooth specification. Access Points (AP) 20 are also equipped both with a short scale wireless interface 1 and a long scale wireless interface 2. Thus in the example of FIG. 3, both Bluetooth and 802.11b specifications are used for user localization. Bluetooth being used as a short range infrastructure, the movements of a user having a terminal 10 a are detected by Bluetooth APs 20 in each room. Data that reflect the system's responsiveness to user location are then deployed over the pervasive Wi-Fi network.

The social mechanisms for establishing trust in ad-hoc networks will now be described in a more detailed manner.

Each agent maintains in its terminal 10 a database (Buddy List) of “acquaintances”. This database keeps the names of the other previously known agents and a level (Access Permissions) of acquaintance for each known agent. Record of acquaintance is confirmed by each agent keeping a “Friendly Token” of the original interaction, i.e. a private key signed certificate 41, 42, 43 that can be read by a public key 21, 22, 23 (see FIG. 15 to 19).

Level 0 agents are the closest acquaintances, i.e. agents with whom interaction was already initiated via direct contact as described above. These are agents with whom there exists the greatest trust and therefore these agents have the most access permissions.

Level 1 agents are agents with whom there has not been direct contact. Instead, Level 1 agents have been “introduced” by a Level 0 agent. There is trust, but less than for Level 0 acquaintances.

Level 2 agents are those who have been introduced by Level 1 agents. Trust correspondingly decreases.

Diminishing levels continue in this fashion. Although the system is not limited in the number of levels, satisfactory results may be obtained with a total of three to six levels.

It will be noted that the method and system according to the present invention do not imply any propagation. There is no centralized database keeping the state of the entire network. This not only increases fault resilience, but also optimises transaction efficiency. This reduces trust information redundancy in the system. Each agent keeps only a list of agents it knows, i.e. a history of interactions it has had.

Levels of acquaintanceship with heretofore unknown agents can be verified at transaction time. Short of initiating a new Level 0 (“direct”) contact, agent III approaches agent I “on behalf” of agent II. In this case, agent III sends a friendly token that agent I can verify using the public key of agent II. Accordingly, trust is determined directly and does not depend on reputation nor the problem of evaluating validity of reputation reporting. Indeed evaluating validity of reporting is a typical problem of reputation networks that create overhead of second order trust evaluation needs: can an agent I trust what agent II says about agent III? The present system eliminates this second order effect.

According to the invention misbehaving agents are not reported, thus decreasing total system communications overhead. There are no complaints nor reporting. An agent keeps record of a bad transaction by lowering the trust level by 1 of the “bad” agent. The repercussion of misbehaviour lowers not only the trust level of the misbehaving agent, but all acquaintances of that agent, i.e. getting downgraded by someone automatically downgrades all your friends that you have introduced.

The onus of cheating lies then in the burden of lowering the trust before others in one's entire sphere of acquaintances. The ultimate penalty is to be omitted from group membership.
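
The local bookkeeping described above, sketched with the names of the FIG. 14 hierarchy given later in this description. This is an added example, not code from the patent: the `BuddyList` class, the cut-off of four levels, reading "lowering the trust level by 1" as moving one level number up, and dropping an agent pushed past the last level are assumptions.

```python
from collections import deque


class BuddyList:
    """One agent's local database of acquaintances (no shared or central state)."""

    def __init__(self, owner, max_levels=4):
        self.owner = owner
        self.max_levels = max_levels  # assumed cut-off; the text suggests 3 to 6 levels
        self.level = {}               # name -> level, 0 = direct contact, most trusted
        self.introduced_by = {}       # name -> introducer, None for a direct contact

    def direct_contact(self, name):
        """Record a Level 0 acquaintance made by direct contact."""
        self.level[name] = 0
        self.introduced_by[name] = None

    def introduce(self, introducer, name):
        """Record `name` one level below its introducer; refuse if that is too remote."""
        if introducer not in self.level:
            return False              # unknown agents cannot introduce anyone
        if name in self.level:
            return True               # keep the record of the original interaction
        new_level = self.level[introducer] + 1
        if new_level >= self.max_levels:
            return False              # beyond the last level this agent keeps
        self.level[name] = new_level
        self.introduced_by[name] = introducer
        return True

    def sphere(self, name):
        """`name` plus everyone reached through its introductions, breadth first."""
        found, queue = [], deque([name])
        while queue:
            current = queue.popleft()
            found.append(current)
            queue.extend(n for n, by in self.introduced_by.items() if by == current)
        return found

    def downgrade(self, name):
        """Record a bad transaction locally: the agent and its whole sphere drop one
        level. Returns the agents omitted because they fell past the last level."""
        if name not in self.level:
            return []
        omitted = []
        for member in self.sphere(name):
            self.level[member] += 1
            if self.level[member] >= self.max_levels:
                omitted.append(member)
        for member in omitted:
            del self.level[member]
            del self.introduced_by[member]
        return omitted


def fig14_buddy_list():
    """Kat's database for the hierarchy the description gives for FIG. 14."""
    kat = BuddyList("Kat")
    for friend in ("Doug", "Karim"):
        kat.direct_contact(friend)
    for introducer, name in (("Doug", "C-H"), ("Doug", "Manu"),
                             ("Karim", "Mat"), ("Manu", "Nico")):
        kat.introduce(introducer, name)
    return kat


if __name__ == "__main__":
    kat = fig14_buddy_list()
    print(kat.level)                         # starting levels
    print(kat.downgrade("Doug"), kat.level)  # first bad transaction with Doug
    print(kat.downgrade("Doug"), kat.level)  # a second one pushes Nico out
```

Nothing leaves Kat's device in either downgrade: Karim and Mat are untouched, and no other agent is told about Doug.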

The invention provides a number of advantages. Thus for service discovery, the invention makes it possible to indicate immediately with which agent a transaction is desired whereas according to conventional methods without “direct contact” the agent seeking a service is lost in a list of proposed services that is disconnected from the physical or social proximity at hand.

For trust, the “direct contact” assures secure initial exchange of encryption keys between the agents whereas traditional security is pyramidal and a weak link can make the whole chain vulnerable.

Being based on mutual trust, local records and distributed authentication, the method and system according to the invention keep potential intrusion localized.

Once device interaction is initialized by initial contact on one infrastructure that auto-configures the main infrastructure, social models of “contact” and “introduction” are used as a basis for service discovery. Spheres of device “acquaintance” are maintained, providing an elegant solution for trust and authentication in particular in networks of personal wireless entertainment devices.

The present invention implies a cascade of reputation that is ultra simple due to the introduction of a friend of a friend. There is no need for negotiation, no replication nor data redundancy of reputation data. There is no need for reputation propagation separate from communicating “friend of a friend” hierarchy at the time of the request. No complaint reporting is needed: the burden of cheating stays with the agent as onus of potentially lowering reputation of this entire group. Group dynamics will act to eject a poor member of any group. A group thus auto polices itself. The trust hierarchy based on spheres of contact (layers of acquaintances) is particularly adapted to association of multiple devices in an ad-hoc network to a particular owner.

The process of introducing a new friend will be described with reference to FIG. 8 to 19.

The following notations will be used:

-   KName = private key of Name
-   PuName = public key of Name
-   [PuSomeone]Name = public key of Someone is signed by KName
-   (Data)Name = Data is ciphered with Name's public key
-   Verify([PuSomeone]Name, PuName) = verify a signed block with Name's public key: the result can be true or false
-   Cipher(Data,PuName) = cipher Data with Name's public key. The result is (Data)Name.

Encryption is achieved with a public key whereas decryption is achieved with a private key. Data are signed with a private key.

FIG. 8 illustrates the world of a given example with a sphere of friendship 101 for Kat and an associated table 121.

Both Doug (111) and Manu (112) are Kat's close friends, i.e. have had direct contact with Kat.

FIG. 9 illustrates the world of the example of FIG. 8 with the introduction of another member C-H and some hierarchy.

Doug appears as an entry 113 in Kat's sphere of friends 101. Doug's sphere 102 has an entry 114 for his friend C-H. The associated table 122 shows the hierarchy after Doug had introduced C-H to Kat.

FIG. 10 to 12 illustrate the process of introduction of a new friend.

Both Kat and Manu are Doug's friends. This is shown in the friends' spheres 131 and 133 of Kat and Manu respectively which both refer to Doug (141 and 143) and in the associated tables 151, 153.

-   The friends' sphere 132 of Doug includes Kat (142) and Manu (144) as well as the associated table 152.

The situation of FIG. 10 may be summarized as follows:

-   Both Kat and Manu have their own private keys, namely Kkat and Kmanu respectively.

The associated table 151 of Kat includes the following information concerning Doug:

-   Name: Doug
-   Key: PuDoug
-   Friendship token: [PuKat]Doug

The associated table 153 of Manu includes the following information concerning Doug:

-   Name: Doug
-   Key: PuDoug
-   Friendship token: [PuManu]Doug

The table 152 associated with the friends' sphere of Doug contains similar information concerning Kat and Manu.

FIGS. 11 and 12 illustrate a first exchange between Manu and Kat who still do not know each other.

On FIG. 11, Manu sends an initial message 191 to Kat (via the auxiliary wireless infrastructure) saying “I am Doug's friend” which according to the abovementioned notation may be noted: [PuManu]Doug.

This first exchange means that Manu wants to be introduced to Kat by the intermediary of Doug.

Kat will extract Manu's public key using Doug's one and verify that Manu's assertion is true. This operation may be noted as follows:

-   Verify ([PuManu]Doug, PuDoug)=true

Referring to FIG. 12, once Kat has compared her Doug's “heart” with Manu's one and may accept Manu's friendship, Kat will send back to Manu a message 192 of acceptance.

In the message 192 Kat sends back her public key as well as random data ciphered with Manu's public key. This operation may be noted as follows:

-   Cipher (ABC and PuKat, PuManu)=(ABC and PuKat)Manu

wherein ABC represent random data and PuKat, PuManu are encrypted.

Manu will decrypt this block and extract the random data (here ABC) and Kat's public key. This operation Cipher⁻¹ may be noted as follows:

-   Cipher⁻¹ ((ABC and PuKat)Manu, Kmanu)=ABC and PuKat

Manu will send back ABC ciphered with PuKat as follows:

-   Cipher (ABC, PuKat)=(ABC)Kat

Kat then decrypts this block of data and verifies that she received what she has previously sent.

Preferably, Manu further does the same sort of exchange to be sure that Kat is the one she pretends to be.
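
The exchange of message 191, message 192 and the returned (ABC)Kat, as a runnable sketch in the notation above. This is an added example, not part of the patent: the text names no algorithm, so unpadded textbook RSA in pure Python stands in for the signature and the cipher (it illustrates the message flow only), and the function names, the key encoding and the fourth party `other` are assumptions.

```python
import hashlib
import secrets

E = 65537        # RSA public exponent
NONCE_LEN = 16   # size of the random data the description calls "ABC"

def _is_probable_prime(n, rounds=24):  # Miller-Rabin, only for the constructed keys
    if any(n % p == 0 for p in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(bits=1024):
    """Toy RSA key pair, returned as (public, private) = ((n, e), (n, d))."""
    def prime():
        while True:
            c = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if _is_probable_prime(c):
                return c
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:          # E is prime, so this gives gcd(E, phi) == 1
            return (p * q, E), (p * q, pow(E, -1, phi))

def encode_key(pub):
    return f"{pub[0]:x}:{pub[1]:x}".encode()

def decode_key(blob):
    n, e = blob.decode().split(":")
    return int(n, 16), int(e, 16)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def make_token(subject_pub, issuer_priv):
    """[PuSubject]Issuer: the subject's public key signed with the issuer's private key."""
    n, d = issuer_priv
    return subject_pub, pow(_digest(encode_key(subject_pub), n), d, n)

def verify(token, issuer_pub):
    """Verify([PuSubject]Issuer, PuIssuer): True or False."""
    (subject_pub, signature), (n, e) = token, issuer_pub
    return pow(signature, e, n) == _digest(encode_key(subject_pub), n)

def cipher(data, pub):
    """(Data)Name: length-prefixed data, split into blocks that each stay below n."""
    n, e = pub
    size = (n.bit_length() - 1) // 8
    framed = len(data).to_bytes(4, "big") + data
    return [pow(int.from_bytes(framed[i:i + size].ljust(size, b"\0"), "big"), e, n)
            for i in range(0, len(framed), size)]

def decipher(blocks, priv):
    """Cipher^-1: recover Data from (Data)Name with Name's private key."""
    n, d = priv
    size, width = (n.bit_length() - 1) // 8, (n.bit_length() + 7) // 8
    framed = b"".join(pow(c, d, n).to_bytes(width, "big")[-size:] for c in blocks)
    return framed[4:4 + int.from_bytes(framed[:4], "big")]

def respond(message_192, claimant_priv):
    """Claimant: recover ABC and PuKat from message 192 and return (ABC)Kat."""
    try:
        plain = decipher(message_192, claimant_priv)
        return cipher(plain[:NONCE_LEN], decode_key(plain[NONCE_LEN:]))
    except ValueError:
        return None                     # wrong private key: message 192 is unreadable

def introduction(token, claimant_priv, kat, pu_doug):
    """The exchange as Kat sees it; True if she accepts the claimant."""
    pu_kat, k_kat = kat
    if not verify(token, pu_doug):      # message 191 carries [PuManu]Doug
        return False
    abc = secrets.token_bytes(NONCE_LEN)
    reply = respond(cipher(abc + encode_key(pu_kat), token[0]), claimant_priv)
    return reply is not None and decipher(reply, k_kat) == abc

def demo():
    """Constructed keys for Doug, Kat, Manu and a fourth party who only saw the token."""
    doug, kat, manu, other = (keygen() for _ in range(4))
    token = make_token(manu[0], doug[1])                        # [PuManu]Doug
    return (introduction(token, manu[1], kat, doug[0]),         # Manu himself
            introduction(token, other[1], kat, doug[0]),        # token replayed
            introduction(make_token(other[0], other[1]), other[1], kat, doug[0]))

if __name__ == "__main__":
    print(demo())
```

The second case is the reason for the random-data round trip: [PuManu]Doug travels in the clear in message 191, so presenting it proves nothing unless the sender can also decrypt message 192 with Kmanu.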

At this stage, Manu and Kat have exchanged enough information to buildtheir new vision of the world which is illustrated on FIG. 13.

Doug appears as an entry 145 in Kat's sphere of friends 131. The entry145 now refers to Doug's sphere of friends 132 a where Manu appears asan entry 144. Similarly, Doug appears as an entry 146 in Manu's sphereof friends 133. The entry 146 now refers to Doug's sphere of friends 132b where Kat appears as an entry 142. The tables 151′ and 153′ which arerespectively associated with friends' spheres 131 and 133 both includethe relationship between Manu and Doug, and Kat and Doug respectively.

FIG. 14 shows another example of a set of friends' spheres in a morecomplex situation.

The friends' sphere 201 of Kat includes Doug (211) and Karim (212). The friends' sphere 202 of Doug includes C-H (213) and Manu (214). The friends' sphere 203 of Karim includes Mat (216). Finally, the friends' sphere 204 of Manu includes Nico (215). The table 220 associated with the friends' sphere 201 of Kat shows the hierarchical relationships of friendship between the different agents.

FIGS. 15 to 19 simply illustrate in a different manner the example previously given where two agents Manu and Kat have a common friend Doug, and Manu wants to see Kat on behalf of Doug.

FIG. 15 simply shows the agents' devices 331, 332, 333 respectively associated with Kat, Doug and Manu as well as the corresponding tables 351, 352, 353.

In the starting situation of FIG. 15, Kat's table 351 includes Doug's public key 22 as well as a token constituted by Kat's public key 21 with a certificate 42 signed by Doug. The certificate 42 signed by Doug as a private key owner can be read by anyone having Doug's public key.

Similarly, Manu's table 353 includes Doug's public key 22 as well as a token constituted by Manu's public key 23 with a certificate 42 signed by Doug.

Doug's table 352 includes Kat's public key 21 as well as a token constituted by Doug's public key 22 with a certificate 41 signed by Kat. Doug's table 352 further includes Manu's public key 23 as well as a token constituted by Doug's public key with a certificate 43 signed by Manu.

FIG. 16 illustrates the step where Manu's device 333 sends to Kat's device 331 (preferably via the auxiliary infrastructure) a token comprising Manu's public key 23 with a certificate 42 signed by Doug.

FIG. 17 illustrates the step where Kat's device 331 confirms that the received token is good and sends back to Manu's device 333 an encrypted message 33 which can be only decrypted by private key owner Manu. Such encrypted message includes a random generated string 51 defined as xyz and Kat's public key 21 with the certificate 42 signed by Doug.

FIG. 18 illustrates the step where Manu's device 333 confirms that the received token is good and sends back to Kat's device 331 an encrypted message 31 which may only be decrypted by Kat's device 331 and includes the first random generated string 51 defined as xyz as well as a second random generated string 52 defined as uvw.

FIG. 19 illustrates the step where Kat's device 331 confirms reception of the random generated strings 51 and 52 defined as xyz and uvw and resends an encrypted message 33 which can only be decrypted by Manu's device 333 and includes the second random generated string 52 defined as uvw to confirm that Manu is Manu and that Kat's device 331 accepts Manu's device public key 23.

Finally Manu's device 333 also confirms reception of the random generated string 52 defined as uvw and in a similar way confirms that Kat is Kat and that Manu's device 333 accepts Kat's device public key 21.
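The introduction handshake of FIGS. 11-12 and 16-19, as an added example that is not part of the patent text: a runnable sketch using toy textbook RSA built from fixed Mersenne primes (insecure, for illustration only). The function names, the outsider key `PU_EVE`, and sending Kat's token beside the encrypted nonce rather than inside it are assumptions of this sketch.

```python
import hashlib, secrets
E = 65537  # public exponent used by every toy key

def keypair(a, b):
    """Toy textbook RSA from Mersenne primes 2**a-1, 2**b-1 (NOT secure)."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def digest(pub, n):
    return int.from_bytes(hashlib.sha256(repr(pub).encode()).digest(), "big") % n

def sign(pub, signer_priv):          # certificate [PuX]Signer
    n, d = signer_priv
    return pow(digest(pub, n), d, n)

def verify(pub, cert, signer_pub):   # Verify([PuX]Signer, PuSigner)
    n, e = signer_pub
    return pow(cert, e, n) == digest(pub, n)

def rsa(x, key):                     # Cipher with a public key, Cipher^-1 with a private key
    return pow(x, key[1], key[0])

def introduce(manu_token, kat_token, pu_doug, k_manu, k_kat):
    """Run the FIG. 16-19 exchange; True only if both sides accept."""
    pu_manu, cert_manu = manu_token
    # FIG. 16-17: Kat checks Manu's token with the Doug key she already holds.
    if not verify(pu_manu, cert_manu, pu_doug):
        return False
    xyz = secrets.randbits(64)
    c_xyz = rsa(xyz, pu_manu)        # sent with kat_token (assumption: token in clear)
    # FIG. 18: Manu checks Kat's token, recovers xyz, adds his own nonce uvw.
    pu_kat, cert_kat = kat_token
    if not verify(pu_kat, cert_kat, pu_doug):
        return False
    uvw = secrets.randbits(64)
    reply = rsa(rsa(c_xyz, k_manu), pu_kat), rsa(uvw, pu_kat)
    # FIG. 19: Kat accepts only if her own xyz comes back, then returns uvw.
    if rsa(reply[0], k_kat) != xyz:
        return False
    c_uvw = rsa(rsa(reply[1], k_kat), pu_manu)
    return rsa(c_uvw, k_manu) == uvw  # Manu's final check

# Constructed keys; Eve is a hypothetical outsider whom Doug never certified.
PU_DOUG, K_DOUG = keypair(61, 89)
PU_KAT, K_KAT = keypair(107, 127)
PU_MANU, K_MANU = keypair(521, 607)
PU_EVE, K_EVE = keypair(1279, 2203)
TOKEN_MANU = (PU_MANU, sign(PU_MANU, K_DOUG))
TOKEN_KAT = (PU_KAT, sign(PU_KAT, K_DOUG))
```

Because the token itself is readable by anyone holding Doug's public key, the nonce echo is what ties it to the holder of the matching private key: presenting `TOKEN_MANU` without `K_MANU` fails at Kat's xyz check.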

In view of the many possible embodiments to which the principles of the invention may be applied, it should be recognized that the embodiments described herein with respect to the drawing figures are meant to be illustrative only and should not be taken as limiting the scope of the invention. For example, although it is preferable that the dual wireless infrastructures used for initializing ad-hoc networks be combined with the social models of “contact” and “introduction” as a basis for service discovery and as a way of establishing trust in ad-hoc networks, since this combination of features provides an effect of synergy, the process of maintaining spheres of device “acquaintance” could be used independently of dual wireless infrastructures within a single infrastructure.

1. A method for facilitating wireless communication between agents in a wireless network, wherein each agent is equipped with an agent's device using a main wireless infrastructure and a separate auxiliary wireless infrastructure which is distinct from the main wireless infrastructure, and wherein initial contact between any first agent's device and any other agent's device is made within the auxiliary wireless infrastructure said initial contact made on the auxiliary wireless infrastructure comprising negotiating configuration settings for communicating within the main wireless infrastructure, whereas, once this initial contact has been established, all ensuing communications between said first agent's device and said any other agent's device take place within the main wireless infrastructure.

2. A method according to claim 1, wherein the main wireless infrastructure does not pre-exist before said initial contact and said initial contact made on the auxiliary wireless infrastructure includes the step of exchanging information to set up an ad-hoc wireless network between said first agent's device and said other agent's device.

3. A method according to claim 1, wherein the main wireless infrastructure is pre-existent to said initial contact and said other agent's device has already been recognized by said main wireless infrastructure before said initial contact.

4. A method according to claim 1, wherein said auxiliary wireless infrastructure uses a short-range device, said initial contact is established between said first agent's device and said at least one access point device and, once said first agent's device has been localized by said at least one access point device, communication is established between said first agent's device and other agent's devices over the main wireless infrastructure which comprises a pervasive wireless local area network (WLAN).

5. A method according to claim 1, wherein said auxiliary wireless infrastructure uses a line-of-sight transmission for exchanging basic identification information between a first agent's device and another agent's device during said initial contact, and further communication between said first agent's device and said other agent's device is achieved over a main wireless infrastructure comprising a wireless local area ad-hoc network.

6. A method according to claim 4, wherein said configuration settings configured during the initial contact comprises at least Service Set Identifier (SSID), channel and Internet Protocol (IP) address.

7. A method according to claim 6, wherein said configuration settings further comprise a wired equivalent privacy (WEP) key.

8. A method according to claim 1, wherein said first agent's device having been put into communication with a first other agent's device within the main wireless infrastructure is allowed to hierarchically discover, in cascading series of discoveries, other agent's devices based on acquaintances already known to said first other agent's device after said initial contact.

9. A wireless communication system comprising a main wireless infrastructure and a separate auxiliary wireless infrastructure using a plurality of agent's devices each being equipped with detection means for establishing contact with at least another agent's device within said separate auxiliary wireless infrastructure and communication means for communicating with other agent's devices within said main wireless infrastructure, wherein said detection means are adapted to provide initial contact between any first agent's device and any other agent's device within the auxiliary wireless infrastructure to establish configuration settings for the main wireless infrastructure, whereas said communication means are adapted to ensure all ensuing communications between said first agent's device and said other agent's device within the main wireless infrastructure once the initial contact has been established by said detection means.

10. A system according to claim 9, wherein said main wireless infrastructure is an ad-hoc wireless network set up by agent's devices once the initial contact has been established by the detection means of said agent's devices within an auxiliary wireless infrastructure.

11. A system according to claim 9, wherein said auxiliary wireless infrastructure uses a short-range wireless connection and includes at least one access point device and said main wireless infrastructure comprises a pervasive wireless local area network (WLAN).

12. A system according to claim 9, wherein said detection means comprise means for transmitting and receiving an infrared-beam for exchanging basic identification information between a first agent's device and another agent's device during the initial contact.

13. A system according to claim 12, wherein said main wireless infrastructure comprises a high frequency wireless local area ad-hoc network.

14. A system according to claim 9, wherein each agent's device includes means for storing a local database of acquaintances which keeps a history of previous interactions with other agent's devices with the names of the other agents and the levels of acquaintances.

15. A system according to claim 9, wherein agent's devices comprise terminals such as mobile phones, computers, personal digital assistants.

16. A method according to claim 8, wherein each agent's device includes a local database of acquaintances which keeps a history of previous interactions with other agent's devices with the names of the other agents and the levels of acquaintances.